Vulnerabilities in IBM

4,759 results
Vexday analysis

Com 4.716 CVEs catalogadas, o portfólio da IBM acumula um volume expressivo de vulnerabilidades, embora sua taxa de exploração ativa — 5 entradas no catálogo KEV da CISA, representando 0,11% do total — esteja abaixo da média geral do catálogo (0,45%), o que sugere menor aproveitamento ativo em comparação proporcional com outros vendors. A atenção deve se concentrar em CVE-2022-47986, cuja pontuação EPSS de 0,9997 indica probabilidade extremamente elevada de exploração ativa, tornando-a prioridade imediata de mitigação. As 92 CVEs críticas e 18 com PoC pública ampliam a superfície de risco concreto, especialmente considerando que 129 novas vulnerabilidades surgiram nos últimos 90 dias, indicando ritmo relevante de descoberta recente. O tipo de falha mais recorrente, CWE-79 (Cross-Site Scripting), aponta para fragilidades persistentes na camada de apresentação que exigem atenção continuada em práticas de desenvolvimento e validação de entrada.

CVE-2023-32334LOWIBM Maximo Asset Management information disclosureEPSS 0.6%CVE-2019-4171LOWIBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, and 10.4.1 does not set the secure attribute on authorization tokens or session cookies. This EPSS 0.6%CVE-2022-34316LOWIBM CICS TX information disclosureEPSS 0.6%CVE-2021-29711MEDIUMIBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 6.2.7.8 , 6.2.7.9, 7.0.3.0, 7.0.4.0, 7.0.5.4, 7.1.0.0, 7.1.1.0, 7.1.1.1, and 7.1.1.2 could alloEPSS 0.6%CVE-2021-20560MEDIUMIBM Sterling Connect:Direct Browser User Interface 1.4.1.1 and 1.5.0.2 could allow a remote attacker to hijack the clicking action of the viEPSS 0.6%CVE-2022-43927MEDIUMIBM Db2 for Linux, UNIX and Windows information disclosureEPSS 0.6%CVE-2020-8340MEDIUMA cross-site scripting (XSS) vulnerability was discovered in the legacy IBM and Lenovo System x IMM2 (Integrated Management Module 2), priorEPSS 0.6%CVE-2021-38946MEDIUMIBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JaEPSS 0.6%CVE-2024-28767MEDIUMIBM Security Directory Integrator command executionEPSS 0.6%CVE-2020-4964MEDIUMIBM Jazz Team Server products contain an undisclosed vulnerability that could allow an authenticated user to present a customized message onEPSS 0.6%CVE-2022-43928MEDIUMIBM Db2 Mirror for i information disclosureEPSS 0.6%CVE-2020-4165MEDIUMIBM Security Guardium Insights 2.0.1 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to viEPSS 0.6%CVE-2020-4195MEDIUMIBM API Connect V2018.4.1.0 through 2018.4.1.10 could allow a remote attacker to hijack the clicking action of the victim. By persuading a vEPSS 0.6%CVE-2022-35288MEDIUMIBM Security Verify Information Queue 10.0.2 could allow a user to obtain sensitive information that could be used in further attacks againsEPSS 0.6%CVE-2022-22445HIGHAn attacker that gains service access to the FSP (POWER9 only) or gains admin authority to a partition can compromise partition firmware.EPSS 0.6%CVE-2023-45182HIGHIBM i Access Client Solutions information disclosureEPSS 0.6%CVE-2023-49886CRITICALIBM Transformation Extender Advanced code executionEPSS 0.6%CVE-2022-43870MEDIUMIBM Spectrum Virtualize information disclosureEPSS 0.6%CVE-2025-36250CRITICALAIX Code ExecutionEPSS 0.6%CVE-2021-38876MEDIUMIBM i 7.2, 7.3, and 7.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the WebEPSS 0.6%